On Thu, Oct 13, 2016 at 8:35 PM, Marko Rauhamaa <marko.rauhamaa@xxxxxxxxxxxx> wrote:
>
> Amir Goldstein:
>> This series is a prep work for using fanotify to monitor all events in
>> a file system with a single watch.
>>
>> [...]
>>
>> I am posting this WIP to get feedback on the idea and to find out if
>> there are any users out there interested in the improved fanotify
>> capabilities and/or in the super block monitoring use case.
>
> My employer certainly is in need of monitoring a whole filesystem. We
> have noticed that namespaces evade monitoring via FAN_MARK_MOUNT. I was
> thinking something like a FAN_MARK_FILESYSTEM would be needed.
>

I have a POC of monitoring an entire file system, while filtering to a
namespace only the events that should be visible to its mounts.
I need to get the patches into shape and shake them a bit, then I will
post them, and I am hoping that others could test them for their use
case as well.
I keep hearing about people that wanted that feature, but those people
will need to come forward and voice their use cases.

> (There are some other needed features but filesystem monitoring is the
> most pressing one.)
>
>
> Jan Kara:
>> Careful here. In the world of user namespaces and containers you have
>> to be really careful so that events from one container don't leak into
>> another container despite living in the same physical filesystem,
>> just a different bind mount.
>
> Obviously, proper care needs to be taken, but a namespace should not be
> able to smuggle filesystem events past fanotify monitoring.
>

I agree.

Cheers,
Amir.
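A monitoring-side example added here, not code from the thread or from the posted series: a fanotify listener that marks a path either per mount (FAN_MARK_MOUNT, which Marko notes does not see events arriving through other namespaces' mounts) or for the whole filesystem (FAN_MARK_FILESYSTEM, the flag he suggests; it was later merged in Linux 4.20, so its value is defined locally in case the build headers predate it). Assumes a Linux host and CAP_SYS_ADMIN to actually receive events.

```c
// Added example (not from the thread): watch one mount or the whole filesystem.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

#ifndef FAN_MARK_FILESYSTEM
#define FAN_MARK_FILESYSTEM 0x00000100 /* value from <linux/fanotify.h>, kernel >= 4.20 */
#endif

/* "mount" marks one mount instance (evaded by other namespaces' mounts);
 * "fs" marks the superblock, so every mount of that filesystem is covered. */
unsigned int mark_flags_for(const char *scope) {
    if (strcmp(scope, "fs") == 0) return FAN_MARK_ADD | FAN_MARK_FILESYSTEM;
    return FAN_MARK_ADD | FAN_MARK_MOUNT;
}

/* Resolve the event's open fd to a path via /proc; returns 0 on success, -1 on failure. */
int event_path(int fd, char *buf, size_t len) {
    char link[64];
    snprintf(link, sizeof link, "/proc/self/fd/%d", fd);
    ssize_t n = readlink(link, buf, len - 1);
    if (n < 0) return -1;
    buf[n] = '\0';
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 3) { fprintf(stderr, "usage: %s mount|fs PATH\n", argv[0]); return 2; }
    int fan = fanotify_init(FAN_CLASS_NOTIF | FAN_CLOEXEC, O_RDONLY | O_LARGEFILE);
    if (fan < 0) { perror("fanotify_init (needs CAP_SYS_ADMIN)"); return 1; }
    if (fanotify_mark(fan, mark_flags_for(argv[1]), FAN_OPEN | FAN_CLOSE_WRITE, AT_FDCWD, argv[2]) < 0) {
        perror("fanotify_mark"); return 1;
    }
    char buf[4096], path[PATH_MAX];
    for (;;) {
        ssize_t len = read(fan, buf, sizeof buf);
        if (len <= 0) { if (errno == EINTR) continue; break; }
        for (struct fanotify_event_metadata *m = (void *)buf; FAN_EVENT_OK(m, len); m = FAN_EVENT_NEXT(m, len)) {
            if (m->fd < 0) continue; /* queue overflow carries no fd */
            if (event_path(m->fd, path, sizeof path) == 0)
                printf("pid %d %s %s\n", m->pid, (m->mask & FAN_CLOSE_WRITE) ? "close_write" : "open", path);
            close(m->fd); /* every event fd must be closed or the listener leaks descriptors */
        }
    }
    return 0;
}
```

Run as root with `./listener mount /mnt/data` and `./listener fs /mnt/data` while touching the same filesystem through a bind mount to see which scope reports the access.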